Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(9120)

55
1
Low Cost
kaoosurf-a11y icon

mcp-server-n8n

by kaoosurf-a11y

Sec5

Provides a Model Context Protocol (MCP) server for n8n to expose custom tools, starting with a mathematical expression evaluator.

Setup Requirements

  • ⚠️The server's listening PORT is hardcoded to 3000 and must match EasyPanel settings.
Review RequiredView Analysis
The server uses `mathjs.evaluate(input)` to process user-provided mathematical expressions. While `mathjs.evaluate` is generally safer than raw `eval()`, it still executes arbitrary user input as code within a mathematical context. This poses a potential risk for denial-of-service (e.g., very complex or long expressions) or, in highly unlikely scenarios, sandbox escapes if a fundamental vulnerability were found in the mathjs library. Input for the 'calculate' tool should be sanitized or validated if coming from untrusted sources.
Updated: 2025-12-11GitHub
55
20
Medium Cost
jcfischer icon

supertag-cli

by jcfischer

Sec5

Integrate Tana with AI agents by providing a local API for querying Tana data, performing semantic searches, and creating new Tana nodes.

Setup Requirements

  • ⚠️Requires Bun runtime to execute.
  • ⚠️Tana API token is required for write operations (e.g., creating nodes) and optional for read-only modes.
  • ⚠️Ollama runtime and relevant embedding models (e.g., bge-m3) must be running locally for semantic search functionality.
  • ⚠️Requires `supertag sync index` to populate the local SQLite database from Tana exports for any read operations.
Verified SafeView Analysis
The Tana Webhook Server component (part of the overall CLI, but can be run via `supertag server start`) is designed to expose API endpoints without authentication. If this server is publicly exposed on the internet without additional security measures (like a reverse proxy with authentication or strict firewall rules), it constitutes a critical security vulnerability, allowing unauthorized access to query and potentially manipulate Tana data. The tool itself uses `child_process.spawn` for specific, controlled system commands (e.g., `zip`, `unzip`, `ls`, or daemonization), and `JSON.parse` on user input, which may introduce risks if not handled robustly. `Playwright` is used for browser automation in the `supertag-export` part, which could expose to browser vulnerabilities, though it's typically for local authentication flow. When run locally and not exposed, the risks are significantly mitigated.
Updated: 2026-01-19GitHub
55
96
Low Cost
my-mcp-hub icon

mcp-kit

by my-mcp-hub

Sec8

A CLI tool for scaffolding new Model Context Protocol (MCP) applications, including MCP Servers and Clients.

Setup Requirements

  • ⚠️Requires Node.js version 18 or higher as a prerequisite.
  • ⚠️The `installDependencies` function explicitly uses `npm install`, regardless of the package manager used to invoke `create-mcp-kit`.
  • ⚠️Requires an active internet connection for installing project dependencies via `npm install`.
Verified SafeView Analysis
The codebase uses `node:child_process.spawn` to execute `npm install` within newly created project directories, which is standard practice for scaffolding tools that need to install dependencies defined in their templates. File system operations (`cp`, `mkdir`, `readdir`, `rename`, `rmdir`, `stat`, `unlink`, `writeFile`, `readFile`) are also confined to creating projects from trusted templates. There are no indications of 'eval', code obfuscation, or arbitrary code execution from user input. The tool itself does not expose network services, though the projects it generates can have HTTP/SSE transports. No hardcoded secrets were found.
Updated: 2026-01-19GitHub
55
1
Low Cost
Sec8

This project serves as a Python client demonstration for interacting with Azure DevOps, showcasing API calls for project management, work item manipulation, or pipeline status.

Setup Requirements

  • ⚠️Requires an Azure DevOps Personal Access Token (PAT) with appropriate permissions.
  • ⚠️Requires an existing Azure DevOps Organization URL, Project, and Team to connect to.
  • ⚠️Python 3.10 or newer is required.
Verified SafeView Analysis
The code itself is likely benign for a client demo; however, it requires and transmits a Personal Access Token (PAT) to Azure DevOps. The primary security consideration is securing this PAT, ensuring it has minimal necessary scope, and preventing its exposure or unauthorized access. Storing it in a .env file is common for development but requires care.
Updated: 2025-11-18GitHub
55
1
Low Cost
falconry icon
Sec8

An ASGI server implementation of the Model Context Protocol (MCP) enabling AI agents to interact with defined tools and resources via JSON-RPC.

Setup Requirements

  • ⚠️Requires 'uvicorn' to be installed (e.g., `pip install falcon-mcp-server[serve]`).
  • ⚠️Requires Python 3.10 or newer.
  • ⚠️For full AI agent interaction, an external MCP client (e.g., MCPHost) and an LLM (e.g., Ollama) are needed.
Verified SafeView Analysis
The server uses Falcon ASGI and implements JSON-RPC 2.0. Input validation is performed for content types. The `tools/call` method executes registered Python functions with client-provided arguments (`tool.method(**arguments)`). While currently safe as tools are added programmatically by the server developer, this pattern requires careful scrutiny for any future expansions where tools might be dynamically registered or arguments are not strictly validated by their `input_schema`. No obvious `eval`/`exec` or hardcoded secrets were found. Session management is in-memory for the MVP.
Updated: 2026-01-18GitHub
55
1
Low Cost
Calvin-Francis icon

memory-mcp

by Calvin-Francis

Sec8

Provides AI assistants with persistent semantic memory and knowledge graph capabilities, enabling cross-session memory, semantic retrieval, and complex reasoning.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0
  • ⚠️Requires PostgreSQL >= 14 with the 'pgvector' extension, which must be manually installed.
  • ⚠️Requires an Aliyun DashScope API Key (a paid service) for generating embeddings.
Verified SafeView Analysis
The server uses parameterized SQL queries throughout `memory.js` and `graph.js` to prevent SQL injection. Configuration, including API keys and database connection strings, is loaded from environment variables, avoiding hardcoded secrets. Communication occurs over standard I/O (stdio) via JSON-RPC 2.0, which significantly limits external network attack surface. An LRU cache is implemented for embedding generation, reducing frequent calls to external APIs. While the server directly parses arbitrary JSON from stdin, there is no explicit input schema validation before arguments are passed to service functions. PostgreSQL's strong typing does offer a layer of protection against unexpected data types being directly inserted. There is a theoretical potential for denial-of-service (DoS) if excessively large or deeply nested JSON inputs are provided via stdin, though this is less critical for a local stdio connection.
Updated: 2025-12-01GitHub
55
1
Medium Cost
mihaelamj icon

cupertino-docs

by mihaelamj

Sec8

Provides a TLS/SSL implementation for SwiftNIO applications, enabling secure network communication for both clients and servers.

Setup Requirements

  • ⚠️Requires Swift 5.7 or newer to run (specific versions listed in documentation).
  • ⚠️For server-side usage, requires an X.509 certificate chain and an associated private key file.
  • ⚠️Requires integration into a SwiftNIO application's ChannelPipeline, involving specific ChannelHandler setup.
Verified SafeView Analysis
The SwiftNIO SSL library itself is designed for secure communication using BoringSSL. However, its effective security critically depends on correct implementation, including secure handling of certificate chains and private keys (e.g., 'cert.pem', 'key.pem'), proper certificate validation (e.g., hostname verification for clients), and robust TLS configuration by the application developer.
Updated: 2025-12-02GitHub
55
1
Low Cost
DisanduP icon
Sec8

Converts Mermaid diagram code into Draw.io (MxGraph) XML format, enabling visualization tools and AI agents to work with structured diagram data. It also supports generating basic Markdown representations of Mermaid code and validating syntax.

Setup Requirements

  • ⚠️Requires Node.js v18 or higher.
  • ⚠️Requires `@modelcontextprotocol/sdk/server` npm package to be installed.
  • ⚠️Designed to be run as a Model Context Protocol (MCP) server, requiring integration with an MCP-compatible client (e.g., a BMAD agent or IDE with MCP support) to be fully utilized.
Verified SafeView Analysis
The server's core function is text-to-XML transformation. Input parsing for Mermaid code is handled by custom internal logic without using 'eval()' or dynamic code execution, mitigating direct code injection risks. File system access is limited to internal configuration and style files within the server's directory. No hardcoded secrets were found. Potential vulnerabilities are primarily confined to the robustness of the parsing logic against highly malformed or extremely large inputs, which could lead to resource exhaustion (DoS) rather than arbitrary code execution.
Updated: 2025-12-03GitHub
55
1
Low Cost
cameronking4 icon
Sec8

Optimizes LLM tool calling by generating and executing JavaScript code in a sandboxed environment, reducing tokens and latency for complex multi-tool workflows, including MCP integration.

Setup Requirements

  • ⚠️Requires a Vercel account for Sandbox execution.
  • ⚠️Requires `VERCEL_TOKEN` environment variable for Vercel Sandbox.
  • ⚠️Requires Node.js 18+ and `npm` for `stdio` transport MCP servers.
  • ⚠️Requires at least one AI provider API key (Anthropic, OpenAI, or Vercel AI Gateway).
Verified SafeView Analysis
The system executes LLM-generated JavaScript code within Vercel Sandbox, which provides strong isolation, mitigating direct host system compromise. `new Function(code)` is used solely for syntax validation, not direct execution on the host. The MCP `stdio` transport feature (e.g., `npx mcp-server-commands`) runs predefined commands specified in `mcp-config.ts`, not dynamically generated by the LLM, preventing direct command injection into the host OS. Parameter normalization in `mcp-bridge.ts` adds a layer of defense against malformed inputs. A minor concern for a production system is the hardcoded Firecrawl API key in `mcp-config.ts` (though acceptable for a POC), which should ideally be an environment variable. The long `maxDuration` for the API route and sandbox (up to 10 and 5 minutes respectively) could be a theoretical vector for resource exhaustion if not managed by Vercel's platform, but within the sandbox environment, this is primarily a cost/performance consideration.
Updated: 2025-12-03GitHub
55
1
High Cost
1600822305 icon
Sec3

A powerful Android APK reverse engineering MCP server for decompiling, modifying, repackaging, and fast DEX memory editing of APK files.

Setup Requirements

  • ⚠️Requires Java 17+ runtime environment.
  • ⚠️Manual download of 'APKEditor.jar' from a specific GitHub release is required, and it must be placed in the 'libs/' directory.
  • ⚠️Manual build of 'dex-editor.jar' from the 'java-core' project using Gradle is required, and it must be copied to the 'libs/' directory.
  • ⚠️Requires 'apksigner.jar' to be copied from the Android SDK build-tools directory.
Review RequiredView Analysis
The server uses subprocess calls extensively, which are generally handled safely by passing arguments as lists, mitigating direct shell injection. However, the `file_utils` functions (e.g., `file_read`, `file_write`, `file_delete`, `file_copy`, `file_move`, `file_patch`, `file_insert`) take arbitrary `file_path` or `dir_path` arguments. This design permits a malicious client (or an agent controlled by a malicious user) to read, write, or delete files anywhere on the host system where the server process has permissions. This represents a significant sandbox escape vulnerability. Additionally, regular expression-based operations (e.g., `fast_manifest_patch`, `search_text`) could be susceptible to ReDoS (Regular expression Denial of Service) if user-provided patterns are not properly validated or sanitized by the MCP client. The system relies on several external Java JARs (`APKEditor.jar`, `dex-editor.jar`, `jadx-core`) and system tools (`apksigner`, `adb`), whose security and integrity are critical. Hardcoded debug keystore credentials are used as a default, which is standard for Android development but highlights the potential for misuse if not understood by the user.
Updated: 2025-12-11GitHub
55
1
Medium Cost
simplpear icon
Sec5

Integrates Memos with n8n to provide AI-powered note management, including semantic search, automated synchronization, and an MCP server for AI assistant tools.

Setup Requirements

  • ⚠️Requires a paid OpenAI API Key for embeddings and chat.
  • ⚠️Requires a self-hosted Memos instance with API access configured.
  • ⚠️Manual update of Memos API base URL in multiple HTTP Request nodes across all three workflows.
  • ⚠️The vector store is in-memory and non-persistent; it will be cleared upon n8n restarts, necessitating a full re-synchronization.
  • ⚠️The 'Memos vector search tool' chat interface is exposed via an unauthenticated webhook and must be secured at the network level or through n8n's custom authentication to prevent unauthorized OpenAI API usage.
Review RequiredView Analysis
The system exposes Memos API functionalities (create, search, update, delete, upload) to AI assistants via an n8n Model Context Protocol (MCP) server. This requires careful security configuration of the n8n instance, the AI assistant, and the Memos API token to prevent unauthorized access or misuse. The 'Delete Memo' tool carries an explicit warning, emphasizing its destructive nature. All API calls rely on Bearer token authentication for Memos and the MCP server. CRITICAL RISK: The 'Memos vector search tool' workflow uses an unauthenticated 'Chat Trigger' webhook, meaning anyone with the webhook URL can interact with the AI agent and consume OpenAI tokens, potentially leading to unauthorized usage and cost. The hardcoded 'https://notes.littlepear.org/' example URL in the 'Notes vector store schedule update.json' for memo URLs must be updated to the user's Memos instance to prevent unintended data links or privacy exposure. Workflows do not use 'eval' or obvious obfuscation.
Updated: 2026-01-16GitHub
55
1
Low Cost
castle-studio-work icon

geminicli-manage-addon

by castle-studio-work

Sec9

A text-based user interface (TUI) tool for locally managing Geminicli extensions and Model Context Protocol (MCP) servers.

Setup Requirements

  • ⚠️Requires Node.js >= 18.0.0 to be installed.
  • ⚠️Requires Geminicli to be installed and configured separately.
  • ⚠️When run via Geminicli's slash command, users must press Ctrl+F to interact with the TUI.
  • ⚠️Changes made through the tool require restarting Geminicli for them to take effect.
Verified SafeView Analysis
The application primarily interacts with local configuration files in the `~/.gemini` directory using standard Node.js `fs` module operations (read, write, copy). It explicitly backs up files before saving. There are no signs of network communication, `eval` usage, `child_process` execution beyond the main program's launch, or hardcoded sensitive information. File operations are confined to expected configuration paths in the user's home directory.
Updated: 2025-11-30GitHub
PreviousPage 43 of 760Next